Nmap Development mailing list archives

Re: Apparent Bug in Nmap


From: David Fifield <david () bamsoftware com>
Date: Thu, 4 Jun 2009 16:29:48 -0600

On Thu, Jun 04, 2009 at 11:38:03AM -0500, sbammel wrote:
> The following is relevant data for what appears clear to me to be a
> bug in Nmap.  Thanks for a fine program.
>
> Test #1: (gives correct results)
>
> Nmap Command:
> c:\Temp\nmap>nmap -sP 10.11.0.1 10.11.0.2
> Starting Nmap 4.85BETA9 ( http://nmap.org ) at 2009-06-04 11:19 Central Daylight Time
> Nmap done: 2 IP addresses (0 hosts up) scanned in 5.14 seconds
>
> Ethereal Output:
> No.     Time        Source                Destination           Protocol Info
>       1 0.000000    10.10.0.81            10.11.0.2             TCP      51666 > http [ACK] Seq=0 Ack=0 Win=2048 Len=0
>       2 0.004446    10.10.0.81            10.11.0.1             TCP      51666 > http [ACK] Seq=0 Ack=0 Win=1024 Len=0
>       3 0.004644    10.10.0.81            10.11.0.1             ICMP     Echo (ping) request
>       4 0.013672    10.11.0.1             10.10.0.81            ICMP     Destination unreachable (Host unreachable)
>       5 0.014266    10.11.0.1             10.10.0.81            ICMP     Destination unreachable (Host unreachable)
>       6 2.028412    10.10.0.81            10.11.0.1             ICMP     Echo (ping) request
>       7 2.028776    10.11.0.1             10.10.0.81            ICMP     Destination unreachable (Host unreachable)
>       8 2.029244    10.10.0.81            10.11.0.1             TCP      51667 > http [ACK] Seq=0 Ack=0 Win=4096 Len=0
>       9 2.029571    10.11.0.1             10.10.0.81            ICMP     Destination unreachable (Host unreachable)
>
> Test #2: (shows 10.11.0.1 up when it is not)
>
> Nmap Command:
> c:\Temp\nmap>nmap -sP 10.11.0.2 10.11.0.1
> Starting Nmap 4.85BETA9 ( http://nmap.org ) at 2009-06-04 11:19 Central Daylight Time
> Host 10.11.0.1 is up (0.00s latency).
> Nmap done: 2 IP addresses (1 host up) scanned in 1.74 seconds
>
> Ethereal Output:
> No.     Time        Source                Destination           Protocol Info
>      10 11.277806   10.10.0.81            10.11.0.1             TCP      62969 > http [ACK] Seq=0 Ack=0 Win=3072 Len=0
>      11 11.278167   10.11.0.1             10.10.0.81            ICMP     Destination unreachable (Host unreachable)
>      12 11.278961   10.10.0.81            10.11.0.2             TCP      62969 > http [ACK] Seq=0 Ack=0 Win=2048 Len=0
>      13 11.279236   10.10.0.81            10.11.0.2             ICMP     Echo (ping) request
>
> The order of the IP addresses makes a difference in the results.

I don't have an explanation for why the order of targets would matter.
In test #1, Nmap should have taken any one of the host unreachables sent
by 10.11.0.1 as evidence that the host was up.

Please send the output of these commands:
nmap -d3 -sP 10.11.0.1 10.11.0.2 > test-1.txt
nmap -d3 -sP 10.11.0.2 10.11.0.1 > test-2.txt

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

